Changeset 232998 in webkit

Timestamp:

Jun 19, 2018 5:45:06 PM (6 years ago)

Author:

msaboff@apple.com

Message:

Crash in sanitizeStackForVMImpl sometimes when switching threads with same VM
​https://bugs.webkit.org/show_bug.cgi?id=186827

Reviewed by Saam Barati.

Need to set VM::lastStackTop before any possible calls to sanitizeStack().

• runtime/JSLock.cpp:

(JSC::JSLock::didAcquireLock):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• runtime/JSLock.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-06-19  Michael Saboff  <msaboff@apple.com>
+
+        Crash in sanitizeStackForVMImpl sometimes when switching threads with same VM
+        https://bugs.webkit.org/show_bug.cgi?id=186827
+
+        Reviewed by Saam Barati.
+
+        Need to set VM::lastStackTop before any possible calls to sanitizeStack().
+
+        * runtime/JSLock.cpp:
+        (JSC::JSLock::didAcquireLock):
+
 2018-06-19  Tadeu Zagallo  <tzagallo@apple.com>
 

trunk/Source/JavaScriptCore/runtime/JSLock.cpp

@@ -135 +135 @@
     ASSERT(m_entryAtomicStringTable);
 
+    m_vm->setLastStackTop(thread.savedLastStackTop());
+    ASSERT(thread.stack().contains(m_vm->lastStackTop()));
+
     if (m_vm->heap.hasAccess())
         m_shouldReleaseHeapAccess = false;
@@ -146 +149 @@
     m_vm->setStackPointerAtVMEntry(p);
 
-    m_vm->setLastStackTop(thread.savedLastStackTop());
-    ASSERT(thread.stack().contains(m_vm->lastStackTop()));
-    
     m_vm->heap.machineThreads().addCurrentThread();
 #if ENABLE(WEBASSEMBLY)